public async Task <bool> Execute(string consentId) { if (string.IsNullOrWhiteSpace(consentId)) { throw new ArgumentNullException(consentId); } var consentToBeDeleted = new Models.Consent { Id = consentId }; return(await _consentRepository.DeleteAsync(consentToBeDeleted)); }
public Task UpdateAsync(IdentityServer3.Core.Models.Consent consent) { var item = _repo.GetConsentBySubjectAndClient(consent.Subject, consent.ClientId); bool needToInsert = false; if (item == null) { item = new Models.Consent { Subject = consent.Subject, ClientId = consent.ClientId }; needToInsert = true; } if (consent.Scopes == null || !consent.Scopes.Any()) { if (!needToInsert) { _repo.DeleteConsentBySubjectAndClient(consent.Subject, consent.ClientId); } } item.Scopes = StringifyScopes(consent.Scopes); if (needToInsert) { _repo.InsertConsent(item); } else { _repo.UpdateConsent(item); } return(Task.FromResult(0)); }
public async Task When_No_Consent_Has_Been_Given_For_The_Claims_Then_Create_And_Insert_A_New_One() { // ARRANGE InitializeFakeObjects(); const string subject = "subject"; const string clientId = "clientId"; var authorizationParameter = new AuthorizationParameter { Claims = new ClaimsParameter { UserInfo = new List <ClaimParameter> { new ClaimParameter { Name = Jwt.Constants.StandardResourceOwnerClaimNames.Subject } } }, Scope = "profile" }; var claims = new List <Claim> { new Claim(Jwt.Constants.StandardResourceOwnerClaimNames.Subject, subject) }; var claimsIdentity = new ClaimsIdentity(claims, "SimpleIdentityServer"); var claimsPrincipal = new ClaimsPrincipal(claimsIdentity); var client = new Models.Client { ClientId = clientId }; var resourceOwner = new ResourceOwner { Id = subject }; var actionResult = new ActionResult { RedirectInstruction = new RedirectInstruction() }; ICollection <Scope> scopes = new List <Scope>(); _consentHelperFake.Setup(c => c.GetConfirmedConsentsAsync(It.IsAny <string>(), It.IsAny <AuthorizationParameter>())) .Returns(Task.FromResult((Models.Consent)null)); _clientRepositoryFake.Setup(c => c.GetClientByIdAsync(It.IsAny <string>())) .Returns(Task.FromResult(client)); _parameterParserHelperFake.Setup(p => p.ParseScopes(It.IsAny <string>())) .Returns(new List <string>()); _scopeRepositoryFake.Setup(s => s.SearchByNamesAsync(It.IsAny <IEnumerable <string> >())) .Returns(Task.FromResult(scopes)); _authenticateResourceOwnerServiceStub.Setup(r => r.AuthenticateResourceOwnerAsync(It.IsAny <string>())) .Returns(Task.FromResult(resourceOwner)); _actionResultFactoryFake.Setup(a => a.CreateAnEmptyActionResultWithRedirectionToCallBackUrl()) .Returns(actionResult); Models.Consent insertedConsent = null; _consentRepositoryFake.Setup(co => co.InsertAsync(It.IsAny <Models.Consent>())) .Callback <Models.Consent>(consent => insertedConsent = consent) .Returns(Task.FromResult(new Models.Consent())); // ACT await _confirmConsentAction.Execute(authorizationParameter, claimsPrincipal); // ASSERT Assert.NotNull(insertedConsent); Assert.True(insertedConsent.Claims.Contains(Jwt.Constants.StandardResourceOwnerClaimNames.Subject)); Assert.True(insertedConsent.ResourceOwner.Id == subject); Assert.True(insertedConsent.Client.ClientId == clientId); _actionResultFactoryFake.Verify(a => a.CreateAnEmptyActionResultWithRedirectionToCallBackUrl()); }
/// <summary> /// This method is executed when the user confirm the consent /// 1). If there's already consent confirmed in the past by the resource owner /// 1).* then we generate an authorization code and redirects to the callback. /// 2). If there's no consent then we insert it and the authorization code is returned /// 2°.* to the callback url. /// </summary> /// <param name="authorizationParameter">Authorization code grant-type</param> /// <param name="claimsPrincipal">Resource owner's claims</param> /// <returns>Redirects the authorization code to the callback.</returns> public async Task <ActionResult> Execute( AuthorizationParameter authorizationParameter, ClaimsPrincipal claimsPrincipal) { if (authorizationParameter == null) { throw new ArgumentNullException(nameof(authorizationParameter)); } if (claimsPrincipal == null || claimsPrincipal.Identity == null) { throw new ArgumentNullException(nameof(claimsPrincipal)); } var client = await _clientRepository.GetClientByIdAsync(authorizationParameter.ClientId); if (client == null) { throw new InvalidOperationException(string.Format("the client id {0} doesn't exist", authorizationParameter.ClientId)); } var subject = claimsPrincipal.GetSubject(); Models.Consent assignedConsent = await _consentHelper.GetConfirmedConsentsAsync(subject, authorizationParameter); // Insert a new consent. if (assignedConsent == null) { var claimsParameter = authorizationParameter.Claims; if (claimsParameter.IsAnyIdentityTokenClaimParameter() || claimsParameter.IsAnyUserInfoClaimParameter()) { // A consent can be given to a set of claims assignedConsent = new Models.Consent { Client = client, ResourceOwner = await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(subject), Claims = claimsParameter.GetClaimNames() }; } else { // A consent can be given to a set of scopes assignedConsent = new Models.Consent { Client = client, GrantedScopes = (await GetScopes(authorizationParameter.Scope)).ToList(), ResourceOwner = await _authenticateResourceOwnerService.AuthenticateResourceOwnerAsync(subject), }; } // A consent can be given to a set of claims await _consentRepository.InsertAsync(assignedConsent); _simpleIdentityServerEventSource.GiveConsent(subject, authorizationParameter.ClientId, assignedConsent.Id); } var result = _actionResultFactory.CreateAnEmptyActionResultWithRedirectionToCallBackUrl(); await _generateAuthorizationResponse.ExecuteAsync(result, authorizationParameter, claimsPrincipal, client); // If redirect to the callback and the responde mode has not been set. if (result.Type == TypeActionResult.RedirectToCallBackUrl) { var responseMode = authorizationParameter.ResponseMode; if (responseMode == ResponseMode.None) { var responseTypes = _parameterParserHelper.ParseResponseTypes(authorizationParameter.ResponseType); var authorizationFlow = GetAuthorizationFlow(responseTypes, authorizationParameter.State); responseMode = GetResponseMode(authorizationFlow); } result.RedirectInstruction.ResponseMode = responseMode; } return(result); }